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LISTING OF CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

5 CLAIMS 

1 . (Currently Amended) An apparatus for proving authentication when a user 
is not present, said apparatus comprising: 

a Web service client coupled to a Web service provider; 
an online wallet configured to store and selectively release financial 
10 information of var i ous users said user : and 

a discovery service; 
wherein: 

said Web service client, sa i d servic e prov i d e r, said Web service provider, 
and said discovery service agree to work with each other; and 

15 an act of releasing financial information of th e g i von said user from the 

said online wallet to fund an online purchase transaction on behalf 
of a giv e n said user without a live authenticated session of the 
given said user with the Web service client is conditioned upon 
receiving proof of authority to conduct the requested online 

20 purchase transaction without the live authenticated session. 

2. (Original) The apparatus of Claim 1 , wherein said Web sen/ice client 
comprises an assertion, said assertion comprising a statement that said user has 
an authenticated session. 

25 

3. (Original) The apparatus of Claim 2, wherein said assertion is signed by 
an authority. 

4. (Original) The apparatus of Claim 3, wherein said authority is an identity 
30 provider of said discovery service. 
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5. (Original) The apparatus of Claim 2, wherein said statement comprises, 
but is not limited to, the following information: 
a system entity that made said assertion; 
5 a system entity making a request; 

a system entity relying on said assertion; and 
a name identifier of said user in a namespace of said system entity that made 
said assertion to said system entity relying on said assertion. 

10 6. (Original) The apparatus of Claim 5, wherein said system entity making 
said assertion is an identity provider of said discovery service. 

7. (Original) The apparatus of Claim 5, wherein said system entity making a 
request is said Web service client. 

15 

8. (Previously Presented) The apparatus of Claim 5, wherein said system 
entity relying on said assertion is said online wallet. 

9. (Previously Presented) The apparatus of Claim 5, wherein said asserting 
20 party is said Web service client and said relying party is said online wallet. 

10. (Previously Presented) The apparatus of Claim 2, wherein said statement 
is included in an extended assertion that is given to said online wallet at time of 
authentication. 

25 

1 1 . (Original) The apparatus of Claim 1 , further comprising: 

means for said Web service client presenting to said discovery service a 
service assertion obtained from a second system entity, wherein 
said service assertion comprises a user presence statement; and 
30 means for said discovery service issuing a new service assertion 

comprising a new user presence statement, said new service 
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assertion and said new user presence statement associated with 
said second system entity. 

1 2. (Original) Tlie apparatus of Claim 1 1 , whierein said second system entity is 
5 a second Web service client. 

1 3. (Original) The apparatus of Claim 1 , further comprising means for said 
discovery service recording and storing user statement information. 

10 14. (Original) The apparatus of Claim 13, wherein said recorded and stored 
user statement information is in the form of a table. 

1 5. (Previously Presented) The apparatus of Claim 1 , further comprising 
means for said online wallet storing a ticket for checking said permission to 

15 request a sen/ice. 

16. (Currently Amended) The apparatus of Claim 1 , further comprising means 
for testing a request to said Web service provider w hile a said user is still 
present, wherein either or both said discovery service and said online wallet can 

20 perform real-time consent informational data collection from a said user without 
having actually performed a particular online transaction. 

1 7. (Currently Amended) A method for proving authentication when a user is 
not present, said method comprising the steps of: 

25 providing a Web service client coupled to a Web service provider; 

providing an online wallet configured to store and selectively release 

financial information of various users; 
providing a discovery sen/ice; 
wherein: 

30 said Web service client, sa i d s e rv i c e provider, said Web service provider, 

and said discovery service agree to work with each other; and 
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an act of releasing financial information of tlio givon said user from the 
said online wallet to fund an online purchase transaction on behalf 
of a giv e n said user without a live authenticated session of the 
giv e n said user with the said Web service client is conditioned upon 
5 receiving proof of authority to conduct the said requested online 

purchase transaction without the said live authenticated session. 

1 8. (Original) The method of Claim 1 7, wherein said Web service client 
comprises an assertion, said assertion comprising a statement that said user has 

10 an authenticated session. 

1 9. (Original) The method of Claim 1 8, wherein said assertion is signed by an 
authority. 

15 20. (Original) The method of Claim 1 9, wherein said authority is an identity 
provider of said discovery service. 

21 . (Original) The method of Claim 1 8, wherein said statement comprises, but 
is not limited to, the following information: 

a system entity that made said assertion; 
a system entity making a request; 

a system entity relying on said assertion; and 

a name identifier of said user in a namespace of said system entity that 
made said assertion to said system entity relying on said assertion. 

22. (Original) The method of Claim 21 , wherein said system entity making said 
assertion is an identity provider of said discovery service. 

23. (Original) The method of Claim 21 , wherein said system entity making a 
30 request is said Web sen/ice client. 
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24. (Previously Presented) The method of Claim 21 , wherein said system 
entity relying on said assertion is said online wallet. 

25. (Previously Presented) The method of Claim 21 , wherein said asserting 
5 party is said Web service client and said relying party is said online wallet. 

26. (Previously Presented) The method of Claim 18, wherein said statement is 
included in an extended assertion that is given to said online wallet at time of 
authentication. 

10 

27. (Original) The method of Claim 1 7, further comprising the steps of: 
said Web service client presenting to said discovery service a service 

assertion obtained from a second system entity, wherein said 
service assertion comprises a user presence statement; and 
15 said discovery service issuing a new sen/ice assertion comprising a new 

user presence statement, said new sen/ice assertion and said new 
user presence statement associated with said second system 
entity. 

20 28. (Original) The method of Claim 27, wherein said second system entity is a 
second Web service client. 

29. (Original) The method of Claim 1 7, further comprising the step of said 
discovery service recording and storing user statement information. 

25 . 

30. (Previously Presented) The method of Claim 29, wherein said recorded 
and stored user statement information is in the form of a table. 
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31 . (Previously Presented) The method of Claim 1 7, further comprising the 
step of said online wallet storing a ticket for checking said permission to request 
a service. 
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32. (Currently Amended) The method of Claim 1 7, further comprising the step 
of testing a request to said online wallet while a user is still present, wherein 
either or both said discovery service and said online wallet can perform real-time 

5 consent informational data collection from a user without having actually 
performed a particular online transaction. 

33. (Currently Amended) A method for invoking authenticated transactions on 
behalf of a user when the said user is not present, said method comprising the 
steps of: 

a Web service provider, at a time when a said user is present, asking the 
said user if said Web service provider can perform a particular 
online t ransaction at a later point in time when the said user is not 
present, wherein if the said user indicates yes, then said Web 
service provider sending a notification to register with any of, or 
both of: 

a trusted discovery service; and 

a user activated online wallet confidentially storing financial data of 
the said user sufficient to fund the particular online 
transaction; 

wherein while the said user is still present, the said user can be asked to 
provide informational content related to said particular online 

transaction; and 

at a time when the said user is not present, the Web service provider 

initiating the particular online t ransaction and requesting the online 
wallet to release financial data of the said user. 

34. (Currently Amended) The method of Claim 33, further comprising the step 
of a discovery service checking if the said user gave permission for contacting 

30 said online wallet when the said user is not present, and if permission is granted, 
allowing control to go to said online wallet. 

7 
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35. (Currently Amended) The method of Claim 33, further comprising any of 
the steps of said Web service provider: 

trusting said discovery service performed checking for permission and 

accepting that if said discovery service indicates the said user gave 
permission, then said online wallet performing said particular online 
transaction; and 

said online wallet deciding to perform checking for pennission, and 

subsequently performing said particular online t ransaction if said 
online wallet detemiines permission is granted. 

36. (Original) The method of Claim 33, further comprising the step of providing 
a user capability of reviewing and modifying stored permissions. 

37. (Original) The method of Claim 33, further comprising the step of providing 
robust security by having trust kept centrally in said discovery service. 

38. (Previously Presented) The method of Claim 33, further comprising said 
discovery service supporting a plurality of different types of online wallet. 

39. (Currently Amended) An apparatus for invoking authenticated online 
transactions on behalf of a user when the said user is not present, comprising: 

a computer driven service provider, configured to perform operations 

comprising, at a time when a said user is present, asking the said 
user if said service provider can perfonn a particular online 
transaction at a later point in time when the said user is not present, 
wherein if the said user indicates yes, then said service provider 
sending a notification to register with any of, or both of: 
a trusted discovery service; and 
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a user activated online wallet confidentially storing financial data of 
the said user sufficient to fund the particular online 
transaction; 

wherein while the said user is still present, the said user can be asked to 
5 provide informational content related to said particular online 

transaction; and 

wherein the said service provider is configured to perform further 

operations comprising, at a time when the said user is not present, 
initiating the particular online t ransaction and requesting the online 
10 wallet to release financial data of the said user. 

40. (Currently Amended) The apparatus of Claim 39, further comprising 
means for a said discovery service checking if the said user gave permission for 
contacting said online wallet when the said user is not present, and if permission 

15 is granted, allowing control to go to said online wallet. 

41 . (Currently Amended) The apparatus of Claim 39, further comprising the 
on li n e wall e t, the online wallet being programmed to perform operations 
comprising: 

20 trusting said discovery service performed checking for permission and 

accepting that if said discovery service indicates the said user gave 
permission, then said online wallet performing said particular online 
transaction; and 
said online wallet deciding to perform checking for permission, and 

25 subsequently performing said particular online t ransaction if said 

online wallet determines permission is granted; 

42. (Original) The apparatus of Claim 39, further comprising means for 
providing a user capability of reviewing and modifying stored permissions. 

30 
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43. (Original) The apparatus of Claim 39, further comprising means for 
providing robust security by having trust kept centrally in said discovery service. 

44. (Previously Presented) The apparatus of Claim 39, further comprising 

5 means for said discovery service supporting a plurality of different types of online 
wallet. 

45. (Currently Amended) A process for establishing user authentication when 
the a_user is not present, comprising operations of: 

10 at a time w e nt when t he said user Is engaged in a live authenticated 

session with an online service provider, the said online service 
provider asking the said user for permission for the said online 
service provider to conduct at least one subjoct online p urchase at 
a later point in time when the said user is no longer engaged in a 

15 live authenticated session with the said online service provider; 

responsive to an affirmative answer, the said online service provider 
sending registration data to at least one of: 
a trusted discovery service; 

an online wallet responsible for providing finance information to 

20 carry out the subject purchase; 

at a time when the said user is not present, the said online service 

provider initiating a n online purchase transaction on behalf of the 
said user, and in response thereto, submitting a request to reveal 
finance information of the said user to implement the said online 

25 purchase transaction, the request being submitted to the said 

trusted discovery service; 
responsive to the request, the said trusted discovery service p erforming at 
least one of the following operations: 

the said trusted discovery service checking for presence of the said 
30 registration data to determine if the said user gave prior 

permission for conducting the requested online purchase 
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transaction with the said online wallet when the said user is 
not present, and if so, the said trusted discovery service 
authorizing ti^ said online wallet to reveal the said 
requested finance information of the said user to complete 
5 the said requested online purchase t ransaction: 

in the event registration data lies with the said online wallet, the 

said trusted discovery service fonwarding the said request to 
the said online wallet for determination therein as to whether 
the said user gave prior permission for conducting the said 
10 requested online purchase t ransaction with the said online 

wallet. 

46. (Currently Amended) The process of claim 45, the operations further 
comprising: 

15 if the said user gave prior permission, the said online wallet revealing the 

said requested finance information of the said user to complete the 
said online purchase transaction even though the said user is not 
engaged in a live authenticated session with the said online service 
provider. 

20 

47. (Currently Amended) The process of claim 45, the operations further 
comprising: 

responsive to the said trusted discovery service authorizing the said online 
wallet to complete the said online purchase t ransaction, the said 
25 online wallet verifying the said registration data as a condition to 

revealing the said requested finance information. 



48. (Currently Amended) The method process of claim 45, where the 
op e rat i on the operation of submitting the said request to the said trusted 
30 discovery service comprises: 
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the said online service provider making the said request via client software 
representing the said user. 

49. (Currently Amended) The process of claim 45, the said online service 
5 provider further comprising web services client software. 

50. (Currently Amended) The process of claim 45, the operations further 
comprising: 

while the said user is engaged in a live authenticated session with the said 
10 online service provider, conducting a test online purchase t ransaction 

short of actually completing the said online purchase transaction in order 
to verify that the said test online purchase transaction can be successfully 
carried out at a later time when the said user is not engaged in a live 
authenticated session with the said online sen/ice provider. 

15 
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